Method for storing data blocks in a memory

ABSTRACT

This invention describes a storage method of a plurality of data blocks in a digital re-writable memory of semiconductors controlled by a memory manager and characterized by the following steps that consist of: randomly determining an available area, storing the data block in the area chosen in this way. This method of data storage is preferably applied to chip cards and to similar electronic modules. It prevents the reproduction of the functionalities of the card after an analysis of the contents of the memory. Furthermore, it assures a better distribution of the wearing of the memory.

This invention relates to the field of data storage in a re-writable digital memory of semiconductors that keeps its contents in cases where the power supply is interrupted. More particularly, the invention relates to the management of the memory space available by means of a storage method for data blocks in the memory.

The semiconductor memories are used in all the applications that comprise microprocessors, for which it is necessary to store the program and the necessary data for their functioning.

The data are introduced, in general, in the memory in predetermined addresses, namely, defined during the development of the program, or sequentially, namely, by successive blocks following the blocks already present in the memory. Likewise these blocks can be re-recorded on other blocks that are already present, in order to renew the data that have become obsolete. A block is a sequence of bits or bytes of predetermined length or size that includes a header containing a block identifier and a number defining its length.

According to the instructions of the program, the data are stored in the memory in positions defined by addresses. The latter are determined by means of parameters contained in the program. These reserved positions are situated in any area of the memory whose limits are defined by a field of addresses. This range, determined in this way, corresponds to the capacity available that is, in general, greater than the maximum quantity of data that can be stored in it.

Numerous applications of more and more sophisticated data processing are installed on smaller and smaller physical mediums. Therefore, the capacity of the memories used for microprocessors must be optimized to the maximum. These cases appear for example in different modules of electronics like smart cards or in any other medium that includes numerical processing components of miniaturized data.

Some applications, particularly access control ones, user identification ones or those of electronic payment, must respond to more and more safety demands in order to avoid fraud. Indeed, the functions of a card can be revealed after deep analysis of the contents of the memory associated to the processor. For example, the debit mechanism of a payment card produces a set of data that are stored in positions of the memory, which are predetermined by the program. For each operation done by the card, a well-defined configuration of the data in the memory corresponds to it. This situation leaves a door open to piracy of the cards whose functionalities can be copied or simulated onto other cards.

The object of the present invention is to propose a protected storage method for data in a memory so as to avoid falsifications of their contents by analysis. Another object consists in limiting the wearing of the memory by means of improved management of the data reading/writing cycles.

This objective is achieved thanks to a storage method of a plurality of data blocks in a digital re-writable memory of semiconductors controlled by a memory manager and characterized by the following steps that consist of:

- randomly determining an available area,
- storing the data block in the area chosen in this way.

By “available area” one understands an area of the memory that is free of data or that contains data replaceable by new ones like in case of an updating for example.

The method according to the invention allows the storage of data blocks in positions of the memory that are always different although the program carries out a series of identical operations. For example, a 10 units debit operation on a card will not have the same effect on the memory contents structure at each execution of the same debit function. Furthermore, two identical cards that carry out an identical operation will have a completely different structure in the contents of their memory. In this way, an analysis of the data of a card will not allow one to reproduce an image of the operations of the first card with the other and vice versa.

Besides the aspect relative to security, the method of the invention allows, thanks to the reading/writing in randomly chosen areas, better distribution of the wearing of the memory. Therefore there will not be areas in the memory that are worn out more quickly than others, like when numerous data reading/writing cycles are carried out always in an assigned place of the memory.

The random selection of an available memory area can be carried out according to different variants:

1—The result obtained after the exploration of the memory constitutes a list of addresses corresponding to the available areas. This list is kept temporarily in a random access memory. Afterwards an address is randomly chosen from this list, and then the data block is stored in the area of the memory indicated by this address. A variant of this method consists in continually maintaining a table with the available areas and randomly choosing an address among them.

2—The exploration of the memory determines the maximum number of available areas. A random selection of a number n between 1 and the number of areas found designates the area where the block must be stored. For example, there are 20 areas available, the random selection of a number between 1 and 20 gives 8, the block is therefore stored in the eighth available area.

3—A number N is randomly determined between 1 and the maximum number of areas possible. The memory manager sequentially searches said Nth available area, and if it reaches the end of the memory before finding this area, the memory manager restarts the search from the beginning of the memory until the Nth available area is found.

The invention will be better understood thanks to the following detailed description that relates to the attached figures given as a non-limiting example, that are:

FIG. 1 shows the storage of some data blocks with the same length in a portion of the memory.

FIG. 2 shows the storage of variable length blocks.

FIG. 3 illustrates the storage of blocks taking a predetermined gap into account.

FIG. 1 illustrates a case in which the data blocks all have the same length l. They are memorized randomly in available areas whose length corresponds to a multiple of the block length to be memorized. For example, if the blocks all have a length of 10 bytes, they can be distributed at random in positions of 10, 20, 30, 40, etc. bytes. The available area can be bigger than the block to be memorized. For example, a block of 10 bytes B8 can be placed in a space e2 of 30 bytes and with an offset of 20 bytes with regard to the beginning of the available area, namely at 20 bytes from the preceding block B5.

During the storage of a new block Bn, according to the first variant of the invention, the memory manager will explore the memory and will deduce the available addresses from there: e1, e2,1, e2,2, e3 and e4, understanding that space e2 allows storing two blocks of fixed length. Once these addresses are determined, a random variable can be used to define the address of the available area where block Bn will be stored.

According to the second variant, the manager finds 5 available areas whose length corresponds to those of the blocks to be stored. A random selection of a number between 1 and 5 gives 3, the block Bn will therefore be stored in the third area, namely, in e2,2.

According to the third variant, the maximum number of available areas Z is 13. The manager randomly determines a number N between 1 and 13, for example 8, afterwards it explores the memory to find the eighth available area. A first run reveals that there are 5 available areas and a second run from the beginning determines that position e2,2 (the third) corresponds to the eighth area. In brief, if the determined random number N is greater than the number of available places P, the position of the free space is defined by the random number N modulo the number of available places P. Here, in the example, N=8 is bigger than P=5, so the block will be stored in position 8 modulo 5=3rd place. In the particular case where N modulo P is equal to 0, the block can be situated in the first or last position. According to another variant, the random number N can be defined again until obtaining a value N modulo P different from zero.
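The second and third variants can be checked against the numbers used above (P=5, Z=13, N=8) with the following added example, which is not part of the patent text. The slot map, the function names and the caller-supplied random value (assumed to come from the card's random number generator) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (not taken from the figures): 13 fixed-length slots,
   so Z = 13. 1 = occupied, 0 = available. The five free slots play the
   roles of e1, e2,1, e2,2, e3 and e4 in the FIG. 1 discussion. */
const uint8_t demo_map[13] = {1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1};

/* Exploration step: count the available areas P. */
size_t count_free(const uint8_t *used, size_t nslots)
{
    size_t p = 0;
    for (size_t i = 0; i < nslots; i++)
        p += !used[i];
    return p;
}

/* Variant 3: search sequentially for the N-th available area (N >= 1),
   restarting from the beginning when the end of memory is reached.
   Returns the slot index, or -1 if a whole pass finds nothing free. */
long select_wrap(const uint8_t *used, size_t nslots, uint32_t n)
{
    uint32_t seen = 0;
    while (n != 0) {
        uint32_t before = seen;
        for (size_t i = 0; i < nslots; i++)
            if (!used[i] && ++seen == n)
                return (long)i;
        if (seen == before)
            break;                      /* memory is full */
    }
    return -1;
}

/* Variant 2: explore first, then draw n between 1 and P from rnd.
   Note: rnd % P is slightly biased unless the RNG range is a multiple of P. */
long select_counted(const uint8_t *used, size_t nslots, uint32_t rnd)
{
    size_t p = count_free(used, nslots);
    return p ? select_wrap(used, nslots, 1 + rnd % (uint32_t)p) : -1;
}

int main(void)
{
    printf("N=8 -> slot %ld\n", select_wrap(demo_map, 13, 8));
    return 0;
}
```

With the wrap-around search, a value of N that is a multiple of P lands on the last available area, which is one of the two choices the text allows for N modulo P equal to 0.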

FIG. 2 a) represents the case in which the blocks have a variable length and are separated or not by free areas. For example a block B2 of 20 bytes begins at 5 bytes from the preceding block and ends 5 bytes before block B4. The areas or free spaces e1 and e2 before and after B2 can be occupied if B2 and B4 must be replaced, for example. It is the same for all the other free spaces that are either occupied or that move during the storage of new blocks Bn instead of the preceding ones.

A new block Bn can be stored in the remaining free spaces or substitute one or several of the blocks still present that are no longer useful. In this way the freed space allows the storage of several smaller blocks or a bigger block that occupies all or part of the space. Figures b) and c) show an example of updating: a new block B12 has been stored in the free space e4. Block B10 is replaced by a bigger block B11 that, therefore, occupies all the freed space e9 between B7 and B9. Blocks B2 and B4 have been replaced by B13 that occupies half of the freed space e10. The new free space e11 created in this way will be used during the next storage of blocks.

According to another variant of the invention illustrated in FIG. 3, the program determines a usual length m of the data blocks to memorize. This value can correspond to the most frequent length of blocks or, in certain cases, to the average length of the blocks. After random selection of the available storage area, the block will be memorized either directly after an already present block, in the case where the block has an equal or longer length than said length m, or with an offset of n bytes in order that the length of the block and the offset n is equal to the length m. This variant allows, after the deletion of this block, freeing a space that will be used very quickly. Without this offset foreseen at the time of storage, the position freed by this block will have very little chance to be used again.

According to our example, the normal length m of the blocks is 15 bytes; the blocks have lengths that vary between 5 and 20 bytes. Two cases are shown:

If the length of the block Bn to be stored is smaller than the current length m, Bn is stored at a pitch m starting from the preceding block in order to leave a free space equal to the difference between m and the length of Bn. According to the example above, a block of 10 bytes is placed at 15−10=5 bytes from the previous block. FIG. 3 a) shows blocks separated by available areas. In FIG. 3 b) a block B6 is stored in the free space e2, the length of B6 being smaller than the current length m, B6 is placed at a pitch m starting from the preceding block B2. The space e5 between B2 and B6 is equivalent to the difference of length between m and the length of B6.

If the length of the block Bn to be stored is greater or equal to the current length m, Bn is placed immediately after the preceding block. In FIG. 3 b) B7 is bigger than the value m and is placed therefore in e4 after B5 without leaving any free space between them.

The method according to the invention can also be applied to more important memories that have a structure in form of a table or matrix that allows direct access to the data blocks. In such a case some pointers define the positions available in the memory. The latter are chosen randomly before storage of the data blocks in the memory.

The data from which the blocks have been stored according to the method of the invention can be reconstructed by analysis, either the identifiers contained in the headings of the blocks or the addresses of each block contained in a previously memorized table.

In one embodiment of the invention, the table that contains the direct access pointers is contained in a second secured memory. In this way, it is possible that the main memory is an unsecured one, such as a memory of a computer, and that the pointer table is stored in a security module (a smart card or similar element). Each data block comprises an identifier that will be transmitted to the card eventually along with the size of the data. In exchange, the card randomly determines a pointer among the free pointers as described previously and returns this pointer to the host computer. In parallel, the card stores the data identifier along with the pointer value.

It is noted that it is possible to avoid storing the identifier with the data block in the main memory, this information being found only in the secured memory. Storing the blocks without their identifier in the main memory will then prevent any identification of these blocks through an analysis of the memory.

In the case of reading, the identifier is transmitted to the card that searches for the corresponding pointer in its secured memory; a pointer that will be returned to the host computer to accede to the data blocks in the main memory.

In this way, each main memory content is unique and cannot be transported from one computer to another. It must compulsorily be accompanied by the security element that stores the pointer table.
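The write and read exchange between host and security module described in this embodiment can be sketched as follows. This is an added example, not code from the patent: the structure names, the fixed slot count and block size, and the `rnd` argument standing in for the card's random number generator are all assumptions.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS 8   /* assumed number of block positions in the main memory */
#define BLOCK 16  /* assumed fixed block size in bytes */

/* Card: the only place where the identifier -> pointer table is kept. */
struct card { uint32_t id[SLOTS]; uint8_t used[SLOTS]; };
/* Host: unsecured main memory, blocks stored without their identifier. */
struct host { uint8_t mem[SLOTS][BLOCK]; };

/* Card, read path: return the pointer recorded for id, or -1 if unknown. */
int card_lookup(const struct card *c, uint32_t id)
{
    for (int i = 0; i < SLOTS; i++)
        if (c->used[i] && c->id[i] == id)
            return i;
    return -1;
}

/* Card, write path: pick one of the free pointers at random and record it
   with the identifier. Returns -1 when full or when id is already stored. */
int card_alloc(struct card *c, uint32_t id, uint32_t rnd)
{
    int nfree = 0;
    for (int i = 0; i < SLOTS; i++)
        nfree += !c->used[i];
    if (nfree == 0 || card_lookup(c, id) >= 0)
        return -1;
    int n = (int)(rnd % (uint32_t)nfree);   /* index among the free pointers */
    for (int i = 0; i < SLOTS; i++)
        if (!c->used[i] && n-- == 0) {
            c->used[i] = 1; c->id[i] = id;
            return i;
        }
    return -1;
}

/* Host, write: send id to the card, store the data at the returned pointer. */
int host_store(struct host *h, struct card *c, uint32_t id,
               const uint8_t *data, uint32_t rnd)
{
    int p = card_alloc(c, id, rnd);
    if (p >= 0)
        memcpy(h->mem[p], data, BLOCK);
    return p;
}

/* Host, read: ask the card for the pointer, then access the main memory. */
const uint8_t *host_load(const struct host *h, const struct card *c, uint32_t id)
{
    int p = card_lookup(c, id);
    return p < 0 ? NULL : h->mem[p];
}
```

Nothing in `struct host` ties a slot to an identifier, so the host memory alone does not say which block is which; that mapping exists only in `struct card`.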

1-11. (canceled)
12. Storage method of a plurality of data blocks in a digital re-writable semiconductor memory controlled by a memory manager and wherein it consists of the following steps: randomly determining an available memory area, storing the data block in the area chosen in this way.
13. Method according to claim 12, wherein it comprises a previous exploration step of the memory made by the memory manager, said exploration determining the available areas.
14. Method according to claim 13, wherein the result obtained after exploring the memory constitutes a list with the addresses of the available areas stored temporarily in a second memory, an address is then chosen randomly from said list and the data block is stored in the area of the memory indicated by this address.
15. Method according to claim 13, wherein the exploration of the memory determines the number of available areas, a number between 1 and the number of areas found is randomly determined and used to designate the area where the block must be stored.
16. Method according to claim 12, wherein a number N between 1 and the maximum number of available areas possible is randomly determined, the memory manager sequentially searches the Nth available area and, if the end of the memory is reached before finding said area, the memory manager restarts the search from the beginning of the memory until it reached the Nth available area.
17. Method according to claim 12, wherein the blocks are of variable length, the storage of a block in the memory being made in an available area of a length equal to or longer than the block length.
18. Method according to claim 12, wherein the data blocks are all the same length, the memory available areas having a length equal to or longer than a multiple of the length of the blocks.
19. Method according to claim 12, wherein it includes a previous determination step of the usual length m of the blocks to be memorized, the blocks Bn of a shorter length than said usual value are stored at a pitch m from the preceding block in order to leave a free space equal to the difference between the usual length m and the block Bn length, the blocks Bn of equal length or longer than the current length m being stored immediately after the preceding block.
20. Method according to claim 12, wherein the memory is with direct access to the data through a pointer table, said pointers being chosen randomly before the storage of the data blocks in the memory.
21. Method according to claim 19, wherein the pointer table is stored in a secured memory different from the main memory, each pointer being associated to an identifier of the data block.
22. Method according to claim 19, wherein said different secured memory is coated in a removable security module such as a smart card.